/
FortiSandbox settings
Document toolboxDocument toolbox

FortiSandbox settings

Owned by Pavel Novák
Last updated: Jan 30, 2025
2 min read

In the FortiSandbox settings dialog it is possible to change the following settings concerning FortiSandbox detection engine:

Maximum file size limit

Specifies the maximum file size for which to perform the check by the engine.

Treat oversize as clean

If this is enabled and the check is skipped because the file is too big, the file is considered “clean” (like if the check was performed and found no problems). If this is disabled, then such file is considered “suspicious/dangerous” (like if the check was performed and found a problem) and the whole package will be quarantined.

Block following ratings

The result of a check by the sandbox engine can in case of new unknown threats be one of the following values:

  • Low risk

  • Medium risk

  • High risk

This setting specifies, which of these results are treated as dangerous and will be blocked (quarantined). It is recommended to block medium and high risk results. Low risk is to be considered, as it can be more often a “false positive” result.

Check only selected file types

If enabled, only the selected file types (extensions) listed below are sent for inspection. If disabled, all files are sent for inspection.

It is advisable to enable and configure file extension restrictions to align with the settings and capabilities of the sandbox engine, ensuring that unnecessary files, which the sandbox is not prepared to process efficiently, are not sent for analysis.

Allowed file types (extensions)

List of file extensions (separated by line breaks) to be sent to the detection engine.

Place files of other (not allowed) types (extensions) in quarantine

If this option is enabled, files that are not of the listed types (extensions) are quarantined.

Remote access mode

Specifies whether to use HTTP or HTTPS to access the FortiSandbox API. HTTP should be used only in internal networks.

IP address or DNS hostname

IP address or hosname of the FortiSandbox.

TCP port

TCP port on which the FortiSandbox HTTP(S) interface runs.

Username

Username that will be used to access and authenticate to the FortiSandbox API. It is recommended to create a dedicated user for the SOFiE application.

Password

Password, which will be used to authenticate to the FortiSandbox.

Test

Using the Test button it is possible to test the access to the FortiSandbox using the parameters entered above and verify if it works.

Related content

(v2.3) FortiSandbox settings
(v2.3) FortiSandbox settings
SOFiE documentation
More like this
(v1.5) FortiSandbox settings
(v1.5) FortiSandbox settings
SOFiE documentation
More like this
(v2.2) FortiSandbox settings
(v2.2) FortiSandbox settings
SOFiE documentation
More like this
Check Point Sandblast Cloud settings
Check Point Sandblast Cloud settings
SOFiE documentation
More like this
Check Point Sandblast settings
Check Point Sandblast settings
SOFiE documentation
More like this
(v2.2) Settings - Detection settings
(v2.2) Settings - Detection settings
SOFiE documentation
More like this